There are less than six months to go until the General Data Protection Regulation (GDPR) comes into effect but some businesses are not even thinking about it yet, or are only just starting to.
In the second of three blogs on GDPR compliance, we’ve set out the key steps for starting compliance projects, along with some IT Governance solutions should you need any extra help.
Read the first blog in the series here.
4) Build a data inventory
To assess what measures are needed to align your data processing with the GDPR, you must first identify which categories of data are held, where the data comes from and the lawful basis for processing it. There are special categories of data that entail stricter processing rules, such as getting explicit consent.
5) Conduct a data flow audit
It’s essential to understand the flow of personal data within the business, as well as where it comes from and where it is sent. This will help you to identify risks in data processing activities and where controls are required.
From this, you can decide whether a data protection impact assessment (DPIA) is required to help identify, assess and mitigate or minimise privacy risks with data processing activities. The three primary conditions for a DPIA identified in the GDPR are:
- Systematic and extensive evaluation of personal aspects relating to natural persons, which is based on automated processing, including profiling, and on which decisions are based that produce legal effects concerning the natural person or similarly significantly affect the natural person.
- Processing on a large scale of special categories of data or of personal data relating to criminal convictions and offences.
- Systematic monitoring of a publicly accessible area on a large scale.
Our Data Flow Mapping Tool software allows you to create data flow maps with a simple, easy-to-use interface. Alternatively, you can book a data flow audit for an on-site assessment from one of our experienced consultants.
6) Conduct a detailed gap analysis
It’s vital to get an understanding of your level of compliance with the GDPR. A gap analysis highlights this as well as offering guidance on the key areas your organisation must address. Our EU GDPR Compliance Gap Assessment Tool is designed to allow organisations to assess their own compliance status, and our GDPR Gap Analysis service provides an on-site assessment. One of our experienced consultants will supply a detailed report on the compliance status of your business and provide guidance on the next steps.
In the third and final blog: steps 7–9.
Don’t delay until May 2018 – our services get booked up in advance and there are now less than six months to go until the GDPR comes into effect.
There are many EU GDPR Foundation and Practitioner training courses at multiple locations across the country on a weekly basis, with spaces still available in December and January.
Belfast: 8 January (save 10%)
Birmingham: 15 January
London: 19 December, 8 January, 15 January, 22 January
Also available as a Live Online course: 5 February
Newcastle: 22–26 January
London: 22–26 January
Book both courses at the same time to save 15%. View more >>
Many more dates and locations are available.